cs.punk Posted April 15, 2009 Share Posted April 15, 2009 This foreach thing is kinda werid too, if you make it echo out a $varible, you expect the contents of the varible to appear right?... It echos out the varible name :-? <form id="form1" name="form1" method="post" action="foreach.php"> Form for the $_POST foreach thing <input name="wow" type="text" /> <input name="wow2" type="submit" value="SUMBIME"/> </form> <?php include "mysqlcon.php"; if(get_magic_quotes_gpc()) {echo "Warning: Magic Quotes is on!"; } $con = mysqli_connect ("$dbhost","$dbuser","$dbpass","$dbname") or die ("Could not connect to server"); if (isset($_POST['wow2'])) {echo "\$post['wow2'] is set!<br/>"; } else {echo "\$post['wow2'] is not set!<br/>"; } foreach($_POST as $var => $value ) {$_POST['$var'] = mysqli_real_escape_string($con, strip_tags(trim($value))); echo "$var is = $value !!<br/>"; } echo "<br/>"; foreach($_POST as $var => $value ) {echo "$var is = $value<br/>"; } ?> Also I noticed that I had magic quotes turn on, ~what made me think it was off?~ I inserted a data from $_POST and NO slashes were on, only when you echo out the $_POST array... Weird or what? Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 15, 2009 Share Posted April 15, 2009 Why are you messing the the $_POST? That's a superglobal. You should consider it read only data. What is your question? Quote Link to comment Share on other sites More sharing options...
Liquidz0r Posted April 15, 2009 Share Posted April 15, 2009 first of all, check your echo ... you're using $post instead of $_POST, so I imagine that might solve part of your problem. Secondly, what's the use of saying $_POST['wow2'] is not set ... when it's not set? Then you can't print/echo it either because there's just nothing there. Thirdly, you're writing an array-record inside an echo. I would do it like this: echo $_POST['wow2']." is set!<br/>"; OR print("{$_POST['wow2']} is set!<br/>"); then, your foreach function is pretty weird too ... you're trying to 'modify' your $value of your $_POST results I figure? There's no point storing them inside $_POST['$var'], try doing it this way instead: foreach($_POST as $var=>$value) { $value = strip_tags(trim($value)); $value = mysqli_real_escape_string($con, $value); echo $var." is = ".$value." !!<br/>"; } } Something like that, I'm at work so I didn't check it myself :-) Quote Link to comment Share on other sites More sharing options...
cs.punk Posted April 15, 2009 Author Share Posted April 15, 2009 first of all, check your echo ... you're using $post instead of $_POST, so I imagine that might solve part of your problem. // I don't want to use $post I want to modify the actual $_POST Secondly, what's the use of saying $_POST['wow2'] is not set ... when it's not set? Then you can't print/echo it either because there's just nothing there. //Thats just to let me understand this whole foreach() thing Thirdly, you're writing an array-record inside an echo. I would do it like this: echo $_POST['wow2']." is set!<br/>"; OR print("{$_POST['wow2']} is set!<br/>"); then, your foreach function is pretty weird too ... you're trying to 'modify' your $value of your $_POST results I figure? There's no point storing them inside $_POST['$var'], try doing it this way instead: foreach($_POST as $var=>$value) { $value = strip_tags(trim($value)); $value = mysqli_real_escape_string($con, $value); echo $var." is = ".$value." !!<br/>"; } } Something like that, I'm at work so I didn't check it myself :-) And there is a point, insted of doing a check on all $_POST results, can't I have a simple 'array fuction' of somesort... Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 17, 2009 Share Posted April 17, 2009 Just going back to the original post -- again, you seem to be questioning things as if your version of PHP is doing something odd, when in fact based on your code things are working exactly as designed. I already advised you previously not to change the $_POST. There's no point in attempting to sanitize the entire $_POST with mysql_real_escape_string(), as that function is specifically only designed to be used when you are sure you are going to insert a STRING into mysql. If your form has other data types, there' s no reason to be escaping them in advance. Regardless, best as I can tell, your complaint is that mysql_real_escape_string() doesn't take a whole array for your convenience. It simply doesn't. My feedback to you, respectfully, is that your original post -Didn't have any clear questions in it You'll find you get much better answers to questions you might have if you ask clear questions. For example: This foreach thing is kinda werid too, if you make it echo out a $varible, you expect the contents of the varible to appear right?... It echos out the varible name :-? Barely a question here, and worst of all, you didn't provide any example output for us to see. We aren't mind readers. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.